In the latest evidence of social media's power and its vulnerability to potentially catastrophic cyber attacks, the financial markets were whipsawed Tuesday by a bogus Associated Press tweet sent out by hackers claiming the White House had been hit by explosions, and President Barack Obama had been injured.

The false report caused the Dow Jones Industrial Average to drop 144 points between 10:07 a.m. and 10:09 a.m. Crude oil prices also briefly tumbled while U.S. Treasuries and gold futures temporarily spiked. Within minutes, however, AP disclosed that the tweet was erroneous, and the markets returned to normal, with the Dow eventually rising 152 points for the day -- or about 1 percent -- to close at 14,719.

NEW YORK, NY - APRIL 23: A stock trader works the floor of the New York Stock Exchange on April 23, 2013 in New York City. The market dropped sharply after the Associated Press's Twitter account was hacked today and a false tweet announced that President Barack Obama had been injured in an attack at the White House. The AP took down its Twitter account and announced it had been hacked. The stock market recovered, with the Dow closing up 152 points at 14,719. (Photo by John Moore/Getty Images)
(
John Moore
)

Over the past couple of years, hackers have compromised a variety of news service Twitter accounts, including posting a phony Fox News tweet in 2011 that claimed President Obama had been killed. But Tuesday's tweet was stunning because it immediately knocked the markets topsy-turvy. And several experts warned the public to expect other disruptions, particularly with the U.S. Securities and Exchange Commission's recent announcement that companies can use Twitter and other social media to post their financial statements.

Advertisement

"I have no doubt we'll see more of this," said Michael Sutton, vice president of security research for Zscaler, a security company based in San Jose. While hacking isn't new, he added, its effect can be magnified by social media, which so many people depend on for news. "Everything is just moving faster; that's really the only change. The impact of this is quick and deep."

Andrew Storms of nCircle, an information security company based in San Francisco, agreed.

"Certainly Facebook and other social-media outlets are really now the de facto outlets for news," he said. "Because of that, these outlets and these accounts on Twitter are now high-profile targets for those meant to do bad."

On the plus side, Storms said, the attacks could prompt social media sites and those using them to better protect themselves from cyber villains. But he added, "The pessimist in me says it's only going to get worse."

Determining what is or isn't true on Twitter has always been an issue. Just last week, the site was filled with a lot of useful information about the Boston Marathon bombings. But it also included a number of mistaken reports. Hackers purposely posting false information make it even tougher to know which tweets to believe.

On July 4, 2011, a phony Fox News tweet claimed the president had been fatally shot while campaigning in Iowa, adding, "The President is dead. A sad 4th of July indeed." USA Today, NBC, CBS, eBay (EBAY), Burger King and Jeep also reportedly have been victimized by bogus tweets.

Moreover, on Monday, a fake tweet was sent out purportedly from Sepp Blatter, president of the world soccer organization FIFA, claiming he was stepping down from the group due to his involvement in corruption.

Experts said it was unclear to what extent Twitter or AP were responsible for the false tweet Tuesday. Some said the news organization should have been monitoring its tweets more closely. But they also said Twitter should institute two-factor authentication, requiring users to provide more than just a password to access the site.

In a terse statement, AP said, "Out of a sense of caution, we have suspended other AP Twitter feeds. We are working with Twitter to sort this out."

A group calling itself the Syrian Electronic Army took credit for the false tweet, a claim that could not be independently verified.

Shortly before the phony Tweet went out, AP issued its staff a memo warning them that some staff members had gotten malicious emails attempting to lure them to a "bogus site requesting you to log on." But AP declined to comment on that and it is unclear if that was related to the erroneous tweet.

Whatever enabled the hackers to compromise AP's posts, "this is going to be an ongoing thing that we have to be very concerned about," said JD Sherry, global director of technology and solutions for the Japanese security firm Trend Micro. "I think what we're seeing here is something we track quite regularly -- the dark side of social media."

Mercury News researcher Leigh Poitinger contributed to this story. Contact Steve Johnson at sjohnson@mercurynews.com or 408-920-5043. Follow him at Twitter.com/steveatmercnews.